Skip to navigation

Security Advisory Low: sysstat security, bug fix, and enhancement update

Advisory: RHSA-2011:1005-1
Type: Security Advisory
Severity: Low
Issued on: 2011-07-21
Last updated on: 2011-07-21
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2007-3852

Details

An updated sysstat package that fixes one security issue, various bugs, and
adds one enhancement is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The sysstat package contains a set of utilities which enable system
monitoring of disks, network, and other I/O activity.

It was found that the sysstat initscript created a temporary file in an
insecure way. A local attacker could use this flaw to create arbitrary
files via a symbolic link attack. (CVE-2007-3852)

This update fixes the following bugs:

* On systems under heavy load, the sadc utility would sometimes output the
following error message if a write() call was unable to write all of the
requested input:

"Cannot write data to system activity file: Success."

In this updated package, the sadc utility tries to write the remaining
input, resolving this issue. (BZ#454617)

* On the Itanium architecture, the "sar -I" command provided incorrect
information about the interrupt statistics of the system. With this update,
the "sar -I" command has been disabled for this architecture, preventing
this bug. (BZ#468340)

* Previously, the "iostat -n" command used invalid data to create
statistics for read and write operations. With this update, the data source
for these statistics has been fixed, and the iostat utility now returns
correct information. (BZ#484439)

* The "sar -d" command used to output invalid data about block devices.
With this update, the sar utility recognizes disk registration and disk
overflow statistics properly, and only correct and relevant data is now
displayed. (BZ#517490)

* Previously, the sar utility set the maximum number of days to be logged
in one month too high. Consequently, data from a month was appended to
data from the preceding month. With this update, the maximum number of days
has been set to 25, and data from a month now correctly replaces data from
the preceding month. (BZ#578929)

* In previous versions of the iostat utility, the number of NFS mount
points was hard-coded. Consequently, various issues occurred while iostat
was running and NFS mount points were mounted or unmounted; certain values
in iostat reports overflowed and some mount points were not reported at
all. With this update, iostat properly recognizes when an NFS mount point
mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)

* When a device name was longer than 13 characters, the iostat utility
printed a redundant new line character, making its output less readable.
This bug has been fixed and now, no extra characters are printed if a long
device name occurs in iostat output. (BZ#604637)

* Previously, if kernel interrupt counters overflowed, the sar utility
provided confusing output. This bug has been fixed and the sum of
interrupts is now reported correctly. (BZ#622557)

* When some processors were disabled on a multi-processor system, the sar
utility sometimes failed to provide information about the CPU activity.
With this update, the uptime of a single processor is used to compute the
statistics, rather than the total uptime of all processors, and this bug no
longer occurs. (BZ#630559)

* Previously, the mpstat utility wrongly interpreted data about processors
in the system. Consequently, it reported a processor that did not exist.
This bug has been fixed and non-existent CPUs are no longer reported by
mpstat. (BZ#579409)

* Previously, there was no easy way to enable the collection of statistics
about disks and interrupts. Now, the SADC_OPTIONS variable can be used to
set parameters for the sadc utility, fixing this bug. (BZ#598794)

* The read_uptime() function failed to close its open file upon exit. A
patch has been provided to fix this bug. (BZ#696672)

This update also adds the following enhancement:

* With this update, the cifsiostat utility has been added to the sysstat
package to provide CIFS (Common Internet File System) mount point I/O
statistics. (BZ#591530)

All sysstat users are advised to upgrade to this updated package, which
contains backported patches to correct these issues and add this
enhancement.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
sysstat-7.0.2-11.el5.src.rpm
File outdated by:  RHBA-2012:1219
    MD5: ab2a3b41335184f7927df43094c38b2e
SHA-256: fd36c999a74623c18ef7341681474d84aaa2c78bce9d194aaaafca90673ea4ea
 
IA-32:
sysstat-7.0.2-11.el5.i386.rpm
File outdated by:  RHBA-2012:1219
    MD5: e352d7cb48dbafc78d3fa96b82fc7930
SHA-256: 9b65fde46bf1725b90c0c5e2f26e8f98655393c0332e1b7929c08830c852f680
 
IA-64:
sysstat-7.0.2-11.el5.ia64.rpm
File outdated by:  RHBA-2012:1219
    MD5: 8654c52fe8527a80c156a7788fed18b9
SHA-256: 6587e35cfb9c7cf1747a876587298fa0d972bf9a35e03f028fa641185313ca66
 
PPC:
sysstat-7.0.2-11.el5.ppc.rpm
File outdated by:  RHBA-2012:1219
    MD5: f9d7a20062c878151eed70271dd8accc
SHA-256: e60caca86a828e82b331c4819075394c1c6efe963bef828be7d056d683eb379f
 
s390x:
sysstat-7.0.2-11.el5.s390x.rpm
File outdated by:  RHBA-2012:1219
    MD5: 5a5fb4d145fff511184597aeb43be029
SHA-256: 10a551009c0be10b02241506f1fff22ba5821a6a0c3d30ba81671b06aca8689d
 
x86_64:
sysstat-7.0.2-11.el5.x86_64.rpm
File outdated by:  RHBA-2012:1219
    MD5: 91e9b9dcfc7770ec73d5003f115de714
SHA-256: abf54df5b37ee440d42ccc9014aff1de81837263a4439b3abea25742ef8c56a5
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
sysstat-7.0.2-11.el5.src.rpm
File outdated by:  RHBA-2012:1219
    MD5: ab2a3b41335184f7927df43094c38b2e
SHA-256: fd36c999a74623c18ef7341681474d84aaa2c78bce9d194aaaafca90673ea4ea
 
IA-32:
sysstat-7.0.2-11.el5.i386.rpm
File outdated by:  RHBA-2012:1219
    MD5: e352d7cb48dbafc78d3fa96b82fc7930
SHA-256: 9b65fde46bf1725b90c0c5e2f26e8f98655393c0332e1b7929c08830c852f680
 
x86_64:
sysstat-7.0.2-11.el5.x86_64.rpm
File outdated by:  RHBA-2012:1219
    MD5: 91e9b9dcfc7770ec73d5003f115de714
SHA-256: abf54df5b37ee440d42ccc9014aff1de81837263a4439b3abea25742ef8c56a5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

251200 - CVE-2007-3852 sysstat insecure temporary file usage
454617 - [RHEL5] Though function write() executed sucessful, sadc end with an error.
484439 - iostat -n enhancement not report NFS client stats correctly
517490 - The 'sar -d ' command outputs invalid data
578929 - March sar data was appended to February data
579409 - The sysstat's programs such as mpstat shows one extra cpu.
598794 - Enable parametrization of sadc arguments
604637 - extraneous newline in iostat report for long device names
622557 - sar interrupt count goes backward
630559 - 'sar -P ALL -f xxxx ' does not display activity information.
675058 - iostat: bogus value appears when device is unmounted/mounted
694767 - iostat doesn't report statistics for shares with long names
696672 - Resource leak
706095 - iostat -n - values in output overflows


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/